Biometric authentication

ABSTRACT

Aspects of the present disclosure are directed to systems and methods of authorizing access to access-controlled environments. In one example, a method includes receiving, passively by a computing device, user behavior authentication information indicative of a behavior of a user of the computing device, comparing, by the computing device, the user behavior authentication information to a stored user identifier associated with the user, calculating, by the computing device, a user identity probability based on the comparison of the user behavior authentication information to the stored user identifier, receiving, by the computing device, a request from the user to execute an access-controlled function, and granting, by the computing device, the request from the user responsive to determining that the user identity probability satisfies a first identity probability threshold associated with the access-controlled function.

BACKGROUND OF THE INVENTION 1. Field of the Invention

At least one example in accordance with the present invention relatesgenerally to biometric authentication.

2. Discussion of Related Art

The implementation of user authentication systems in access-controlledenvironments is generally known. Mobile computing devices, such assmartphones, may implement biometric authentication systems to preventaccess to access-controlled content of the mobile computing devices tounauthorized parties. For example, the access-controlled content of themobile computing device may require that a user enter a correct PersonalIdentification Number (PIN) or provide an image of the user'sfingerprint to the mobile computing device to access theaccess-controlled content.

SUMMARY

According to at least one aspect of the present invention, a method ofauthorizing access to access-controlled environments is provided,including receiving, passively by a computing device, user behaviorauthentication information indicative of a behavior of a user of thecomputing device, comparing, by the computing device, the user behaviorauthentication information to a stored user identifier associated withthe user, calculating, by the computing device, a user identityprobability based on the comparison of the user behavior authenticationinformation to the stored user identifier, receiving, by the computingdevice, a request from the user to execute an access-controlledfunction, and granting, by the computing device, the request from theuser responsive to determining that the user identity probabilitysatisfies a first identity probability threshold associated with theaccess-controlled function.

In one embodiment, the user behavior authentication information includesinformation indicative of at least one of physical behavior of a userand logical behavior. In some embodiments, the physical behavior of theuser includes an angle at which the user holds the computing device. Inan embodiment, passively receiving the user behavior authenticationinformation is performed without prompting the user to provide the userbehavior authentication information.

In at least one embodiment, the method further includes receiving, bythe computing device, a second request from the user to execute a secondaccess-controlled function, prompting, by the computing device, the userto provide at least one biometric input responsive to determining thatthe user identity probability does not satisfy a second identityprobability threshold associated with the second access-controlledfunction, receiving, by the computing device, the at least one biometricinput from the user, comparing, by the computing device, the at leastone biometric input to a user profile, calculating, by the computingdevice, a second user identity probability based on the comparison ofthe at least one biometric input to the user profile, adjusting, by thecomputing device, the user identity probability based on the second useridentity probability, and granting, by the computing device, the secondrequest from the user responsive to determining that the user identityprobability satisfies the second identity probability threshold.

In some embodiments, the user profile includes an encrypted biometricvalue corresponding to the user, the encrypted biometric value beingencrypted by a first encryption algorithm. In one embodiment, comparingthe at least one biometric input to the user profile includes encryptingthe at least one biometric input using the first encryption algorithm togenerate at least one encrypted biometric input, and comparing the atleast one encrypted biometric input to the encrypted biometric value.

In one embodiment, the method includes receiving, by the computingdevice, a third request from the user to execute a thirdaccess-controlled function, determining, by the computing device, thatthe user identity probability does not satisfy a third identityprobability threshold associated with the third access-controlledfunction, receiving, by the computing device, a liveness indicator fromthe use, calculating, by the computing device, a third user identityprobability based on the liveness indicator, adjusting, by the computingdevice, the user identity probability based on the third user identityprobability, and granting, by the computing device, the third requestfrom the user responsive to determining that the user identityprobability satisfies the third identity probability threshold.

In one embodiment, the liveness indicator includes an indicator that theuser is a live human user. In an embodiment, the liveness indicatorincludes at least one of an audio recording of the user speaking aphrase generated by the computing device and a video of the userperforming a gesture generated by the computing device. In someembodiments, receiving the liveness indicator includes receiving,passively by the computing device, one or more signals indicative of oneor more vital signs of the user.

According to aspects of the present disclosure, a method of authorizingaccess to access-controlled environments is provided includingreceiving, passively by a computing device, user behavior authenticationinformation indicative of a behavior of a user of the computing device,comparing, by the computing device, the user behavior authenticationinformation to a stored user identifier associated with the user,calculating, by the computing device, a first user identity probabilitybased on the comparison of the user behavior authentication informationto the stored user identifier, receiving, by the computing device, arequest from the user to execute an access-controlled function,prompting, by the computing device, the user to provide at least onebiometric input responsive to determining that the first user identityprobability does not satisfy a first identity probability thresholdassociated with the access-controlled function, receiving, by thecomputing device, the at least one biometric input from the user,comparing, by the computing device, the at least one biometric input toa user profile, calculating, by the computing device, a second useridentity probability based on the comparison of the at least onebiometric input to the user profile, adjusting, by the computing device,the first user identity probability based on the second user identityprobability, and granting, by the computing device, the request from theuser responsive to determining that the first user identity probabilitysatisfies the first identity probability threshold.

In one embodiment, the at least one biometric input includes a pluralityof biometric inputs. In some embodiments, passively receiving the userbehavior authentication information is performed without prompting theuser to provide the user behavior authentication information. In atleast one embodiment, the user profile includes an encrypted biometricvalue corresponding to the user, the encrypted biometric value beingencrypted by a first encryption algorithm. In some embodiments, themethod includes encrypting the biometric input using the firstencryption algorithm to generate an encrypted biometric input, andcomparing the encrypted biometric input to the encrypted biometricvalue.

In at least one embodiment, the method includes receiving a secondrequest from the user to execute a second access-controlled function.prompting the user to provide a liveness indicator responsive todetermining that the first user identity probability does not satisfy asecond identity probability threshold associated with the secondaccess-controlled function, receiving the liveness indicator from theuser, calculating a third user identity probability based on the receiptof the liveness indicator, adjusting the first user identity probabilitybased on the third user identity probability, and granting the secondrequest from the user responsive to determining that the first useridentity probability satisfies the second identity probabilitythreshold.

According to one aspect of the present disclosure, a method ofauthorizing access to access-controlled environments is providedcomprising receiving, by a computing device, authentication informationincluding at least one of user behavior information indicative of abehavior of a user of the computing device, and one or more biometricinputs, comparing, by the computing device, the authenticationinformation to a stored user identifier associated with the user,calculating, by the computing device, a first user identity probabilitybased on the comparison of the authentication information to the storeduser identifier, receiving, by the computing device, a request from theuser to execute an access-controlled function, prompting the user toprovide a liveness indicator responsive to determining that the firstuser identity probability does not satisfy a first identity probabilitythreshold associated with the access-controlled function, receiving theliveness indicator from the user, calculating a second user identityprobability based on the liveness indicator, adjusting the first useridentity probability based on the second user identity probability, andgranting the request from the user responsive to determining that thefirst user identity probability satisfies the first identity probabilitythreshold.

In one embodiment, the one or more biometric input includes a pluralityof biometric inputs. In at least one embodiment, the liveness indicatorincludes at least one of an audio recording of the user speaking aphrase generated by the computing device and a video of the userperforming a gesture generated by the computing device.

BRIEF DESCRIPTION OF THE DRAWINGS

Various aspects of at least one embodiment are discussed below withreference to the accompanying figures, which are not intended to bedrawn to scale. The figures are included to provide an illustration anda further understanding of the various aspects and embodiments, and areincorporated in and constitute a part of this specification, but are notintended as a definition of the limits of any particular embodiment. Thedrawings, together with the remainder of the specification, serve toexplain principles and operations of the described and claimed aspectsand embodiments. In the figures, each identical or nearly identicalcomponent that is illustrated in various figures is represented by alike numeral. For purposes of clarity, not every component may belabeled in every figure. In the figures:

FIG. 1 illustrates a diagram of a system for controlling access to anaccess-controlled content according to an embodiment;

FIG. 2A illustrates a block diagram of a mobile device according to anembodiment;

FIG. 2B illustrates a block diagram of software modules according to anembodiment;

FIG. 2C illustrates a block diagram of a system server according to anembodiment;

FIG. 3A illustrates a portion of a process for regulating access toaccess-controlled environments according to an embodiment;

FIG. 3B illustrates a portion of the process for regulating access toaccess-controlled environments according to an embodiment;

FIG. 3C illustrates a portion of the process for regulating access toaccess-controlled environments according to an embodiment; and

FIG. 4 illustrates a process of enrolling a user with a user deviceaccording to an embodiment.

DETAILED DESCRIPTION OF THE INVENTION

Examples of the methods and systems discussed herein are not limited inapplication to the details of construction and the arrangement ofcomponents set forth in the following description or illustrated in theaccompanying drawings. The methods and systems are capable ofimplementation in other embodiments and of being practiced or of beingcarried out in various ways. Examples of specific implementations areprovided herein for illustrative purposes only and are not intended tobe limiting. In particular, acts, components, elements and featuresdiscussed in connection with any one or more examples are not intendedto be excluded from a similar role in any other examples.

Also, the phraseology and terminology used herein is for the purpose ofdescription and should not be regarded as limiting. Any references toexamples, embodiments, components, elements or acts of the systems andmethods herein referred to in the singular may also embrace embodimentsincluding a plurality, and any references in plural to any embodiment,component, element or act herein may also embrace embodiments includingonly a singularity. References in the singular or plural form are nointended to limit the presently disclosed systems or methods, theircomponents, acts, or elements. The use herein of “including,”“comprising,” “having,” “containing,” “involving,” and variationsthereof is meant to encompass the items listed thereafter andequivalents thereof as well as additional items.

References to “or” may be construed as inclusive so that any termsdescribed using “or” may indicate any of a single, more than one, andall of the described terms. In addition, in the event of inconsistentusages of terms between this document and documents incorporated hereinby reference, the term usage in the incorporated features issupplementary to that of this document; for irreconcilable differences,the term usage in this document controls.

User authentication systems for a user device may be effective inpreventing unauthorized access to access-controlled environments. Forexample, user devices utilizing conventional user authentication systemsmay implement one-factor authentication systems requiring that usersactively input a PIN, for example, or allow the user device to scan andverify a fingerprint of the user. Security may be further enhanced byrequiring multiple factors of authentication, such as by requiring botha PIN and a fingerprint scan.

Conventional user authentication systems, such as those described above,may cause inconvenience to a user. For example, the user may beinconvenienced by devoting time and attention to actively providing oneor more authentication inputs. Moreover, the degree of authenticationrequired may not correspond to a criticality of a function to beexecuted. For example, the same degree of authentication may be requiredfor a lowest-criticality function executed by the user device (forexample, displaying weather information) and for a highest-criticalityfunction executed by the user device (for example, transferring a largesum of money via the user device).

Embodiments disclosed herein provide multiple types of userauthentication to allow or disallow access to an access-controlledenvironment of a user device. A first type of user authenticationincludes passive authentication, which does not require an affirmativeauthentication action to be executed by the user in response to a promptby the user device. For example, passive authentication informationmight include determining an angle at which a user usually holds theuser device.

A second type of user authentication includes active authentication,which includes prompting the user to actively provide authenticationinformation. For example, active information might include a scan of auser's fingerprint, received responsive to a prompt from the userdevice. A third type of user authentication includes livenessauthentication, which may aid in determining if an entity providingauthentication information to the user device is a live human user. Forexample, liveness authentication information might include informationindicative of a heartbeat of the user. A type and/or criticality of aprotected function to be executed by the user device may at leastpartially determine which, and how many, types of user authenticationare required for access to be granted to the protected function.

FIG. 1 illustrates a diagram of a system 100 for controlling access toaccess-controlled content according to an embodiment. The system 100includes a system server 105 and one or more user devices 101 includinga mobile device 101 a and a computing device 101 b. The system 100 canalso include one or more remote computing devices 102.

The system server 105 can be practically any computing device and/ordata-processing apparatus capable of communicating with the user devices101 and remote computing devices 102 and receiving, transmitting, andstoring electronic information and processing requests as furtherdescribed herein. Similarly, the remote computing device 102 can bepractically any computing device and/or data processing apparatuscapable of communicating with the system server 105 and/or the userdevices 101 and receiving, transmitting, and storing electronicinformation and processing requests as further described herein. Itshould also be understood that the system server 105 and/or remotecomputing device 102 can be any number of networked or cloud-basedcomputing devices.

In some implementations, remote computing device 102 can be associatedwith an enterprise organization that maintains user accounts andrequires authentication of account holders prior to granting access tosecure networked environments (for example, secure website, bank,Virtual Private Networks [VPNs], payment providers, and the like). Thevarious types of user accounts used to access or interact with suchnetworked environments are referred to herein as transaction accounts,which may include any type of account including but not limited to afinancial transaction account.

The user devices 101 can be configured to communicate with one another,the system server 105, and/or the remote computing device 102, such asby transmitting electronic information thereto and receiving electronicinformation therefrom as further described herein. The user devices 101can also be configured to receive user inputs as well as capture andprocess biometric information, for example, digital images and voicerecordings of a user 124.

The mobile device 101 a can be any mobile computing device and/or dataprocessing apparatus capable of embodying the systems and/or methodsdescribed herein, including but not limited to a personal computer,tablet computer, personal digital assistant, mobile electronic device,cellular telephone, or smartphone device. The computing device 101 b isintended to represent various forms of computing devices which a usercan interact with, such as workstations, a personal computer, laptopcomputer, dedicated point-of-sale systems, ATM terminals, access controldevices, voice-controlled devices, remote-controlled device, Internet ofThings (IoT) devices (for example, temperature sensors, smartwatches,garage door sensors, and so forth), or other appropriate digitalcomputers.

As further described herein, the system for authorizing access to anaccess-controlled system 100 facilitates the authentication of a user124. In some implementations, the system server 105 can also implementrules governing access to information and/or the transmission ofinformation between a variety of computing devices which users caninteract with (for example, mobile device 101 a, computing device 101 b)and one or more trusted back-end servers (for example, system server 105and remote computing device 102). More specifically, the system server105 can enforce rules governing the user's access to information, aswell as the sharing of information with third-parties as authorized bythe user. For example, the system server 105 can regulate access to adatabase of information pertaining to a user. The information may havebeen biometrically authenticated by the user, and access to thatinformation may be limited according to rules defined by the user. Byway of further example, the system server 105 may regulate a database ofinformation and grant access to the information to an authenticated useraccording to rules or permissions previously granted to the user.

While FIG. 1 depicts the system for authorizing access to anaccess-controlled system 100 with respect to a mobile device 101 a and auser computing device 101 b and a remote computing device 102, anynumber of such devices may interact with the system in the mannerdescribed herein. While FIG. 1 depicts a system 100 with respect to theuser 124, any number of users may interact with the system in the mannerdescribed herein.

While the various computing devices and machines referenced herein,including but not limited to mobile device 101 a, system server 105, andremote computing device 102, are referred to as individual/singledevices and/or machines, in certain implementations the referenceddevices and machines, and their associated and/or accompanyingoperations, features, and/or functionalities can be combined or arrangedor otherwise employed across any number of such devices and/or machines,such as over a network connection or wired connection, as is known tothose of skill in the art.

The exemplary systems and methods described herein in the context of themobile device 101 a are not specifically limited to the mobile deviceand can be implemented using other enabled computing devices (forexample, the user computing device 102).

In reference to FIG. 2A, one embodiment of the mobile device 101 aincludes various hardware and software components which serve to enableoperation of the system, including one or more processors 110, a userinterface 115, a memory 120, a microphone 125, a display 140, a camera145, a communication interface 150, an audio output 155, one or moresensors 160, and a storage 190. Processor 110 serves to execute a clientapplication in the form of software instructions which can be loadedinto memory 120. Processor 110 can include any number of processors, aCentral Processing Unit (CPU), a Graphics Processing Unit (GPU), amulti-processor core, or any other type of processor, depending on theparticular implementation.

Preferably, the memory 120 and/or the storage 190 are accessible by theprocessor 110, thereby enabling the processor 110 to receive and executeinstructions encoded in the memory 120 and/or on the storage 190 so asto cause the mobile device 101 a and its various hardware components tocarry out operations for aspects of the systems and methods as will bedescribed in greater detail below. Memory 120 can include, for example,a random access memory (RAM) or any other suitable volatile ornon-volatile computer readable storage medium. In addition, the memory120 can be fixed or removable. The storage 190 can take various forms,depending on the particular implementation. For example, the storage 190can contain one or more components or devices such as a hard drive, aflash memory, a rewritable optical disk, a rewritable magnetic tape, orsome combination of the above. Storage 190 also can be fixed orremovable.

One or more software modules 130 are encoded in the storage 190 and/orin the memory 120. The software modules 130 can comprise one or moresoftware programs or applications having computer program code or a setof instructions executed in the processor 110. As depicted in FIG. 2B,one embodiment of the software modules 130 includes a user interfacemodule 170, a biometric capture module 172, an analysis module 174, anenrollment module 176, a database module 178, an authentication module180, a communication module 182, and a machine learning module 184 whichare executed by processor 110. Such computer program code orinstructions configure the processor 110 to carry out operations of thesystems and methods disclosed herein and can be written in anycombination of one or more programming languages.

The program code can execute entirely on mobile device 101 a, as astand-alone software package, partly on the mobile device 101 a, partlyon system server 105, or entirely on system server 105 or another remotecomputer/device. In one example, the remote computer can be connected tomobile device 101 a through any type of network, including a Local AreaNetwork (LAN) or a Wide Area Network (WAN), mobile communicationsnetwork, cellular network, or the connection can be made to an externalcomputer (for example, through the Internet using an Internet ServiceProvider).

It can also be said that the program code of software modules 130 andone or more computer-readable storage devices (such as memory 120 and/orstorage 190) form a computer program product which can be manufacturedand/or distributed in accordance with the present invention, as is knownto those of ordinary skill in the art.

It should be understood that in some illustrative embodiments, one ormore of the software modules 130 can be downloaded over a network tostorage 190 from another device or system via communication interface150 for use within the system authorizing access to an access-controlledsystem 100. In addition, it should be noted that other informationand/or data relevant to the operation of the present systems and methods(such as database 185) can also be stored on storage. In someembodiments, and as discussed in greater detail below, data stored onthe mobile device 101 a and/or system server 105 can be encrypted.

Also preferably stored on storage 190 is database 185. As will bedescribed in greater detail below, the database 185 contains and/ormaintains various data items and elements which are utilized throughoutthe various operations of the system and method for authenticating auser 124. The information stored in database 185 can include but is notlimited to a user profile, as will be described in greater detailherein. It should be noted that although database 185 is depicted asbeing configured locally with respect to mobile device 101 a, in certainimplementations the database 185 and/or various of the data elementsstored therein can, in addition or alternatively, be located remotely(such as on a remote device 102 or system server 105, for example) andconnected to the mobile device 101 a through a network in a manner knownto those of ordinary skill in the art. In some embodiments, the database185 may be supplemented with, or replaced by, one or more alternatestorage media. For example, the storage 190 may include a file store, orany other persistent storage medium, in lieu of or in addition to thedatabase 185.

In some embodiments, the storage 190 may be configured to store one ormore pre-trained neural networks, as discussed in greater detail below.For example, the storage 190 may be configured to store one or moreone-to-many pre-trained neural networks. The pre-trained neural networksmay be utilized when a connection between the mobile device 101 a andthe system server 105 is unavailable, for example.

A user interface 115 is also operatively connected to the processor 110.The user interface 115 can include one or more input or output device(s)such as switch(es), button(s), key(s), a fingerprint pad, atouch-screen, microphones, and so forth. The user interface 115 servesto facilitate the capture of commands from the user such as on-offcommands or user information and settings related to operation of thesystem 100 for authenticating a user. For example, the user interface115 serves to facilitate the capture of certain information from themobile device 101 a such as personal user information for enrolling withthe system so as to create a user profile.

The mobile device 101 a can also include a display 140 which is alsooperatively connected to the processor 110. The display 140 includes ascreen or any other such presentation device which enables the system toinstruct or otherwise provide feedback to the user regarding theoperation of the system for authenticating a user 100. By way ofexample, the display can be a digital display such as a dot matrixdisplay or other 2-dimensional display.

By way of further example, the user interface 115 and the display 140can be integrated into a touch screen display. Accordingly, the display140 is also used to show a graphical user interface, which can displayvarious data and provide “forms” that include fields which allow for theentry of information by the user. Touching the touch screen at locationscorresponding to the display of a graphical user interface allows theperson to interact with the device to enter data, change settings,control functions, etc. When the touch screen is touched, the userinterface 115 communicates changes to the processor 110, and settingscan be changed or user-entered information can be captured and stored inthe memory 120.

Mobile device 101 a also includes a camera 145 capable of capturingdigital images. The camera 145 can be one or more imaging devicesconfigured to capture images. For example, the camera 145 may beutilized by a user, such as the user 124, to capture one or more imagesof a biometric feature of the user. In such examples, the camera 145facilitates the capture of images and/or video of the user for thepurpose of image analysis by the processor 110 executing the secureauthentication application which includes identifying biometric featuresfor authenticating the user. The camera 145, which may include one ormore cameras, may be configured to capture light in the visiblespectrum, or light outside of the visible spectrum, such as infraredlight. The mobile device 101 a and/or the camera 145 can also includeone or more light or signal emitters (not shown), such as a visiblelight emitter and/or infrared light emitter.

The camera 145 can be integrated into the mobile device 101 a, such as afront-facing camera and/or rear-facing camera which incorporates asensor, for example and without limitation a CCD or CMOS sensor.Alternatively, the camera 145 can be external to the mobile device 101a. In addition, the mobile device 101 a can also include one or moremicrophones 125 for capturing audio recordings. For example, themicrophone 125 may be utilized by a user, such as the user 124, tocapture one or more phrases spoken by the user, where the spoken phrasesmay be used to biometrically authenticate the user.

Audio output 155 is also operatively connected to the processor 110.Audio output can be any type of speaker system which is configured toplay electronic audio files as would be understood by those skilled inthe art. Audio output can be integrated into the mobile device 101 a orexternal to the mobile device 101 a.

Various hardware devices/sensors 160 are also operatively connected tothe processor 110. The sensors 160 can include: an on-board clock totrack time of day, etc.; a GPS-enabled device to determine a location ofthe mobile device 101 a; one or more accelerometers to track theorientation and acceleration of the mobile device 101 a; a gravitymagnetometer; proximity sensors; RF radiation sensors; an atmosphericpressure sensor, such as those used to detect altitude; and other suchdevices as would be understood by those skilled in the art.

Communication interface 150 is also operatively connected to theprocessor 110 and can be any interface which enables communicationbetween the mobile device 101 a and external devices, machines and/orelements including system server 105. Preferably, the communicationinterface 150 includes, but is not limited to, a modem, a NetworkInterface Card (NIC), an integrated network interface, a radio frequencytransmitter/receiver (for example, Bluetooth, cellular, NFC), asatellite communication transmitter/receiver, an infrared port, a USBconnection, and/or any other such interfaces for connecting the mobiledevice 101 a to other computing devices and/or communication networkssuch as private networks and the Internet. Such connections can includea wired connection or a wireless connection (for example, using the802.11 standard) though it should be understood that the communicationinterface 150 can be practically any interface which enablescommunication to/from the mobile device 101 a.

At various points during the operation of the system authorizing accessto an access-controlled system 100, the mobile device 101 a cancommunicate with one or more computing devices, such as system server105, user computing device 101 b and/or remote computing device 102.Such computing devices transmit and/or receive data to/from mobiledevice 101 a, thereby preferably initiating maintaining, and/orenhancing the operation of the system 100, as will be described ingreater detail below.

FIG. 2C is a block diagram illustrating an exemplary configuration ofsystem server 105. System server 105 can include a processor 210 whichis operatively connected to various hardware and software components forfacilitating secure authentication of transactions at a terminal. Theprocessor 210 serves to execute instructions to perform variousoperations relating to user authentication and transaction processing aswill be described in greater detail below. The processor 210 can includeany number of processors, a multi-processor core, or some other type ofprocessor, depending on the particular implementation.

In certain implementations, a memory 220 and/or a storage medium 290 areaccessible by the processor 210, thereby enabling the processor 210 toreceive and execute instructions stored on the memory 220 and/or on thestorage 290. The memory 220 can be, for example, a Random Access Memory(RAM) or any other suitable volatile or non-volatile computer readablestorage medium. In addition, the memory 220 can be fixed or removable.The storage 290 can take various forms, depending on the particularimplementation. For example, the storage 290 can contain one or morecomponents or devices such as a hard drive, a flash memory, a rewritableoptical disk, a rewritable magnetic tape, or some combination of theabove. The storage 290 also can be fixed or removable.

One or more software modules 130 (depicted in FIG. 2B) and a machinelearning model 282 are encoded in the storage 290 and/or in the memory220. The software modules 130 can comprise one or more software programsor applications (collectively referred to as the “secure authenticationserver application”) having computer program code or a set ofinstructions executed in the processor 210. Such computer program codeor instructions for carrying out operations for aspects of the systemsand methods disclosed herein can be written in any combination of one ormore programming languages, as would be understood by those skilled inthe art. The program code can execute entirely on the system server 105as a stand-alone software package, partly on the system server 105 andpartly on a remote computing device, such as a remote computing device102, mobile device 101 a and/or user computing device 101 b, or entirelyon such remote computing devices.

As depicted in FIG. 2B, preferably included among the software modules130 are an analysis module 174, an enrollment module 176, a databasemodule 178, an authentication module 180, a communication module 182,and a machine learning module 184, which are executed by the systemserver's processor 210. The machine learning module 184 may beconfigured to execute one or more neural networks, including partially-or fully-connected neural networks, Long Short Term Memory (LSTM) neuralnetworks, convolution neural networks (CNNs), or other neural networks.For example, the machine learning module 184 may be configured toexecute one or more neural networks according to one or more neuralnetwork models stored in the machine learning model 282. The machinelearning model 282 may store templates of neural networks to be executedto facilitate execution of the one or more neural networks by themachine learning module 184. In at least one embodiment, the machinelearning model 282 may be further configured to train the stored neuralnetworks and provide the trained neural networks to the machine learningmodule 184.

Also preferably stored on the storage 290 is a database 280. As will bedescribed in greater detail below, the database 280 contains and/ormaintains various data items and elements which are utilized throughoutthe various operations of the system 100, including but not limited touser profiles as will be described in greater detail herein. It shouldbe noted that although the database 280 is depicted as being configuredlocally to the computing device 205, in certain implementations thedatabase 280 and/or various of the data elements stored therein can bestored on a computer-readable memory or storage medium which is locatedremotely and connected to the system server 105 through a network (notshown), in a manner known to those of ordinary skill in the art.

A communication interface 250 is also operatively connected to theprocessor 210. The communication interface 250 can be any interfacewhich enables communication between the system server 105 and externaldevices, machines and/or elements. In certain implementations, thecommunication interface 250 includes, but is not limited to, a modem, aNetwork Interface Card (NIC), an integrated network interface, a radiofrequency transmitter/receiver (for example, Bluetooth, cellular, NFC),a satellite communication transmitter/receiver, an infrared port, a USBconnection, and/or any other such interfaces for connecting thecomputing device 105 to other computing devices and/or communicationnetworks, such as private networks and the Internet. Such connectionscan include a wired connection or a wireless connection (for example,using the 802.11 standard) though it should be understood thatcommunication interface 250 can be practically any interface whichenables communication to/from the processor 210.

As discussed above, mobile devices such as the mobile device 101 a maybe configured to execute one or more authentication processes toregulate access to access-controlled environments accessible to themobile device 101 a. Regulating access to the access-controlledenvironments may include allowing access to an access-controlledenvironment if a determination can be made with sufficient certaintythat a user requesting access to an access-controlled function is a userwith access permissions to the access-controlled function. Certainty ofa user's identity may be expressed as a percentage value, and differentaccess-controlled functions may each require a respective minimumnecessary value of identity certainty to grant access to the respectiveaccess-controlled functions.

Determining a certainty of a user's identity may be performed by amobile device according to one of several types of authenticationprocesses. FIGS. 3A-3C illustrate a process 300 of regulating access toaccess-controlled environments according to an embodiment. For example,the process 300 may be executed by a mobile device, such as the mobiledevice 101 a, configured to execute one or more applications to whichaccess may be regulated. Each application may require an individuallevel of certainty that a user has access privileges to the features ofthe respective application. For example, access to a first feature of abanking application may be denied unless the mobile device 101 a is atleast 65% certain that a user of the mobile device 101 a is anauthorized user for whom access to the first feature is allowed, and asecond feature of the banking application may be denied unless themobile device 101 a is at least 85% certain that a user of the mobiledevice 101 a is an authorized user for whom access to the second featureis allowed.

In some examples, a feature may include different levels of certaintyrequirements. For example, a withdrawal feature of a banking applicationmay require a first level of certainty to withdraw less than $100, andmay require a second level of certainty to withdraw more than $100.

At act 302, the process 300 begins. At act 304, user information isreceived. For example, the user information may include passiveinformation received by the mobile device 101 a without affirmativelyprompting the user to provide the user information, as discussed ingreater detail below. An example of passive information may include, forexample, information indicative of an angle at which a user is holdingthe mobile device 101 a, which may be obtained from the sensors 160,such as one or more accelerometers.

At act 306, a first user identity probability is determined. The firstuser identity probability may be determined based on informationobtained in connection with act 304. For example, in at least oneexample, the information obtained in connection with act 304 may be usedas an input to a neural network configured to provide a user identityprobability based at least in part on passive information inputs, asdiscussed in greater detail below. The user identity probability mayfurther be determined based on an elapsed time since a previousauthentication. For example, the user identity probability may be higherif the mobile device 101 a recently authenticated a fingerprint of theuser, as discussed in greater detail below. The user identityprobability may be expressed as a percentage value, and may indicate acertainty of a user device executing the process 300 that a userproviding authentication information is a user with access privileges toprotected functionality of the user device.

At act 308, a determination is made as to whether a request has beenreceived by the mobile device 101 a. The mobile device 101 a maydetermine whether a request has been received to access anaccess-controlled function. For example, the mobile device 101 a maydetermine if a user has selected an access-controlled applicationexecuted by the mobile device 101 a, such as a mobile bankingapplication configured to restrict access to authenticated users. If arequest has not been received (308 NO), then the process returns to act304, and acts 304 and 306 are repeated to continuously and passivelyupdate a user identity probability based on passive information.Otherwise, if a request has been received (308 YES), then the processcontinues to act 310.

At act 310, a determination is made as to whether a user probabilitydetermination is sufficient to grant a request to access to anaccess-controlled environment. For example, the mobile device 101 a maydetermine if the user identity probability determined at act 306 issufficient to grant the request received at act 308 YES. In at least oneembodiment, the request received at act 308 YES may require a minimumuser identity certainty to grant the request. For example, a request toview a bank account balance in a mobile banking application may requirea user probability certainty of 65%, whereas a request to transfer fundsfrom the bank account via the mobile banking application may require auser probability certainty 80%.

If the user probability certainty determined at act 306 meets or exceedsthe user probability certainty requirements of the request received atact 308 YES (310 YES), then the process 300 continues to act 330. At act330, access is granted to the access-controlled environment pursuant tothe request received at act 308 YES.

Otherwise, if the user probability certainty does not meet or exceed theuser probability certainty requirements (310 NO), then the mobile device101 a may determine that additional authentication steps may benecessary before access may be granted to the access-controlledfunctionality. Accordingly, the process 300 continues to act 311 toperform additional authentication steps.

At act 311, a determination is made as to whether a user has beenpreviously enrolled in a biometric authentication system. For example,determining if a user has been previously enrolled in a biometricauthentication system may include determining, by the mobile device 101a, if user biometric information has been previously captured and storedin the storage 190. If the user has been previously enrolled (311 YES),then the process 300 continues to act 312. Otherwise, if the user hasnot been previously enrolled (311 NO), then the process 300 continues toact 313. At act 313, the user is enrolled in the biometricauthentication system, as discussed below with respect to FIG. 4, andthe process 300 continues to act 312.

At act 312, user information is requested. For example, the mobiledevice 101 a may request active authentication information from a user.Active information may include, for example, facial scan information,voice information, fingerprint information, DNA information, or acombination thereof. In some embodiments, the mobile device 101 a mayrequest multiple forms of active authentication information, such as byrequesting multiple fingerprint scans or a fingerprint scan and a facialscan. The active authentication information request may include, forexample, a request for the user to place a finger on a fingerprintscanner of the mobile device 101 a one or more times in one or morepositions or orientations. In another example, the active authenticationrequest may include, for example, a request for the user to speak acertain word, sentence, or other phrase displayed via the mobile device101 a. At act 314, user information is received. The user informationreceived at act 314 may include active user information receivedpursuant to the request received at act 312. For example, where therequest is a request for the user to place a finger on the fingerprintscanner, the mobile device 101 a may capture an image of a fingerprintfrom the user.

At act 316, a second user identity probability is determined. Forexample, the second user probability determination may be based on theuser information received at act 304, which may include passiveinformation, and the user information received at act 314, which mayinclude active information. In at least one example, the informationobtained in connection with act 314 may be used as an input to a neuralnetwork configured to output a user identity probability based at leastin part on active information inputs, as discussed in greater detailbelow.

The active information received at act 314 may be compared to storedactive information associated with an authorized user acquired andstored in the storage 190 during enrollment at act 313 to determine ifthe information received at act 314 is sufficiently similar to thestored active information. The comparison may be executed using knownbiometric analysis techniques, and a threshold level of similarity maybe set to define a level of similarity which constitutes a sufficientlysimilar match.

If the comparison indicates that the active information received at act314 is sufficiently similar to the stored active information, then thefirst identity probability determined at act 306 may be adjusted toincrease by a set amount to yield an adjusted first identityprobability. For example, if the first identity probability determinedat act 306 is 65%, then a determination that the active informationreceived at act 314 substantially matches the stored active informationmay increase the first identity probability by 20% to yield an adjustedfirst identity probability of 85%. Adjusting the first identityprobability based on the second user identity probability is discussedin greater detail below.

At act 318, a determination is made as to whether the adjusted firstidentity probability is sufficient to grant a request to access to anaccess-controlled environment. For example, the mobile device 101 a maydetermine if the adjusted first identity probability determined at act316 is sufficient to grant the request received at act 308 YES. If theadjusted first identity probability determined at act 316 meets orexceeds the user probability certainty requirements of the requestreceived at act 308 YES (318 YES), then the process 300 continues to act330. Otherwise, if the adjusted first identity probability does not meetor exceed the user probability certainty requirements (318 NO), theprocess 300 continues to act 320.

At act 320, third user information is requested. For example, the mobiledevice 101 a may request liveness information indicative of whether anentity providing information to the mobile device 101 a is a live humanuser, as discussed in greater detail below. At act 322, user informationis received. For example, receiving the user information may includecapturing audio information spoken by the user with a microphone, suchas the microphone 125, as discussed in greater detail below.

In some embodiments, act 320 may be omitted, and receiving livenessinformation at act 322 may include receiving information which is notrequested from a user. Liveness information may include informationwhich is passively acquired without actively requesting the informationfrom the user. For example, the liveness information may include passiveliveness information indicative of a user's vital signs which is notactively requested from the user. Passive liveness information mayinclude, for example, detecting a user blinking using a camera coupledto a user device, such as the camera 145.

At act 324, a third user identity probability is determined. Forexample, the third user probability determination may be based on theuser information received at act 304, which may include passiveinformation, the user information received at act 314, which may includeactive information, and the user information received at act 322, whichmay include liveness information. The user information received at act322 may be provided to a neural network configured to determine aprobability that the user information was provided by a live human user.If the neural network determines that the user information received atact 322 was provided by a live human user, then the adjusted firstidentity probability determined at act 316 may be further adjusted toincrease by a set amount. For example, if the adjusted first identityprobability determined at act 316 is 85%, then a determination that theliveness information received at act 322 substantially matches thestored active information may further adjust the first identityprobability to increase by 13% to yield an adjusted first identityprobability of 98%.

At act 326, a determination is made as to whether the further adjustedfirst identity probability determination is sufficient to grant arequest to access to an access-controlled environment. For example, themobile device 101 a may determine if the further adjusted first identityprobability determined at act 324 is sufficient to grant the requestreceived at act 308 YES. If the further adjusted first identityprobability determined at act 324 meets or exceeds the user probabilitycertainty requirements of the request received at act 308 YES (326 YES),then the process 300 continues to act 330. At act 330, access to theaccess-controlled environment is granted. The process 300 ends at act332.

Otherwise, if the further adjusted first identity probability does notmeet or exceed the user probability certainty requirements (326 NO), theprocess 300 continues to act 328. At act 328, access to theaccess-controlled environment is denied. For example, the mobile device101 a may deny access to the access-controlled environment and display amessage on the user interface 115 indicating that access has beendenied. The process 300 ends at act 332.

As discussed above with respect to acts 304 and 306, a determination ofa user identity may be based at least partially on passiveauthentication information. In at least one embodiment, authenticationbased on passive information may be generally considered a mostconvenient process of authentication at least because a user is notrequired to affirmatively provide any information or inputs to themobile device 101 a in response to a request from the mobile device 101a.

Passive information may include information which is nominally referredto herein as minimally-invasive information, medially-invasiveinformation, and maximally-invasive information. However, it is to beappreciated that passive information is divided into sub-groups forpurposes of discussion only, and no limitation is meant to be implied bythe identified sub-groups.

Minimally-invasive information may generally include informationindicative of physical behavior of the mobile device 101 a. For example,information indicative of physical behavior captured by a user devicemay include information such as geospatial information, networkinformation (for example, Wi-Fi information, NFC information, Bluetoothinformation, or cellular information), time-of-day information, physicalbehavior characteristics (for example, angle information oraccelerometer information indicative of an angle or acceleration of theuser device), time information indicative of how long authenticationtakes, frequency information indicative of how frequently authenticationtakes place (for example, information indicative of how long ago a mostrecent authentication took place), Internet speed information, VPNstatus, compass direction information, information captured by amagnetometer, motion data captured from an accelerometer and/orvibrational gyroscope (for example, motion data indicative of an angleat which the mobile device 101 a is being held, or motion dataindicative of a user's gait), information captured from a smart watch(for example, heart rate), IoT data (for example, information capturedby one or more IoT-enabled devices), and information indicative of alocation and behavior of things and/or people related to a user.

Medially-invasive information may generally include informationindicative of logical behavior. Logical behavior may include informationindicative of an ambient background of the mobile device 101 a,including background sounds or nearby objects. For example,medially-invasive information may include information captured by one ormore of a microphone, front camera, back camera, or physiological sensorof the user device. The information captured by the microphone may beanalyzed to classify ambient sounds, music, biological sounds, and soforth. The information captured by the microphone may include voiceinformation which may be analyzed in connection with a user'spassively-enrolled voice. Passive enrollment of a user's voice mayinclude passively learning a user's voice by analyzing the user's voiceover time.

The information captured by the front and back cameras may be capturedto measure ambient light, determine dimensions of an ambient space,classify ambient objects, and analyze ultraviolet light. The informationcaptured by the front and back camera may also include user facialbiometric information which may be analyzed in connection withpassively-enrolled facial features. Passive enrollment of a user'sfacial features may include passively learning a user's facial featuresby analyzing the user's facial features over time. The informationcaptured by the physiological sensor may include information indicativeof a physiological state of the user. For example, the informationindicative of the physiological state of the user may includeinformation indicative of a blood pressure of the user.

Maximally-invasive information may generally include informationindicative of content behavior. For example, maximally-invasiveinformation may include information indicative of user contentaccessible to the user device. The user content may include textmessages, email records, phone call records, social network activity,browser history and content, and so forth. Analyzing the user contentmay include analyzing the recipient and content of a message, forexample.

As discussed above with respect to act 306, the user informationreceived at act 304 may be analyzed to determine a probability that auser of the user device is a user with access privileges to the userdevice by inputting the user information to a neural network executed bythe mobile device 101 a in connection with the machine learning model282 of the system server 105. The neural network may be implementedaccording to at least one of several known neural networkconfigurations. For example, the neural network may include at least oneof a fully-connected neural network and an LSTM neural network.

The neural network may be trained to learn the passive informationtypically acquired by the mobile device 101 a when the mobile device 101a is in the possession of an authorized user. In at least oneembodiment, the neural network is configured to continuously train toadapt to changing baseline information. In one embodiment, training isexecuted by the machine learning model 282 on the system server 105. Themobile device 101 a may subsequently compare, at act 306, a state of themobile device 101 a with the learned state to determine if the mobiledevice 101 a is in the possession of an authorized user.

For example, the neural network may learn, based on physical behaviorinformation obtained from an accelerometer in the mobile device 101 a,that the authorized user typically holds the mobile device 101 a at aspecific angle. In another example, the neural network may learn, basedon logical behavior information obtained from the microphone 125 of themobile device 101 a, typical speech patterns of the authorized user. Ina final example, the neural network may learn, based on content behaviorinformation accessible to the mobile device 101 a, that the authorizeduser rarely generates new content (including, for example, sendingemails) during certain hours of a day.

In one implementation, once the neural network has completed an initialtraining period to learn typical conditions of the passive informationwhen the mobile device 101 a is in possession of an authorized user, themobile device 101 a may generate and store an initial user identifierindicative of the typical conditions of the passive information based onan output of the neural network. For example, the mobile device 101 amay store the user identifier in the storage 190. The mobile device 101a may subsequently generate, at act 306, a user identifier based oninformation acquired at act 304. The user identifier can be compared tothe stored user identifier to determine if the mobile device 101 a is inthe possession of an authorized user. In some embodiments, the mobiledevice 101 a continuously generates and stores subsequent useridentifiers as the neural network is continuously trained. As discussedabove, the neural network may be trained on the machine learning model282 of the system server 105.

In at least one embodiment, the comparison of the user identifier andthe stored user identifier is performed in an encrypted space to enhancesecurity. As used herein, performing a comparison in an encrypted spaceincludes performing a comparison between two or more encrypted values.For example, the stored user identifier may be encrypted using a one-wayhomomorphic encryption algorithm prior to being stored in the storage190. The user identifier generated at act 306 may be encryptedsubsequent to generation and prior to comparison to the encrypted storeduser identifier using the same encryption algorithm used to encrypt thestored user identifier.

A comparison of the user identifier generated at act 306 with the useridentifier may include encrypting the user identifiers prior to thecomparison, rather than comparing the identifiers in a plaintext format.In at least one embodiment, performing the comparison in the encryptedspace may enhance security at least because no plaintext features of thestored user identifier are stored in the storage 190. Accordingly, amalicious user having access to the storage 190 may not have access toplaintext features of the stored user identifier.

As discussed above with respect to act 316, the information received atact 314 may be analyzed by inputting the user information to a neuralnetwork executed by the mobile device 101 a in connection with thesystem server 105. For example, the neural network may be executed bythe mobile device 101 a in connection with the neural network model 282of the system server 105. The neural network may be implementedaccording to at least one of several known neural networkconfigurations. For example, the neural network may include at least oneof a fully-connected neural network and a CNN configured to generate andoutput the second user identity probability.

The neural network may be trained to learn the information received atact 314. In at least one embodiment, the neural network is configured tocontinuously train to adapt to changing information. The mobile device101 a may subsequently compare, at act 316, a state of the informationreceived at act 314 with the learned state to determine if the mobiledevice 101 a is in the possession of an authorized user.

For example, the neural network may learn a baseline for biometricinformation such as a facial scan or fingerprint scan for a user. In oneimplementation, once the neural network has completed an initialtraining period to learn typical conditions of the biometric informationof the user, the mobile device 101 a may generate and store an initialuser identifier indicative of the typical conditions of the biometricinformation based on an output of the neural network. The useridentifier may be distinct from, or combined with, the user identifiergenerated in connection with the passive information, as discussedabove. For example, the mobile device 101 a may store the useridentifier in the storage 190. The mobile device 101 a may subsequentlygenerate, at act 316, a user identifier based on information acquired atact 314. The user identifier can be compared to the stored useridentifier to determine if the mobile device 101 a is in the possessionof an authorized user. In some embodiments, the mobile device 101 acontinuously generates and stores subsequent user identifiers as theneural network is continuously trained.

In at least one embodiment, the comparison of the user identifier andthe stored user identifier is performed in an encrypted space to enhancesecurity. As used herein, performing a comparison in an encrypted spaceincludes performing a comparison between two or more encrypted values.For example, the stored user identifier may be encrypted using a one-wayhomomorphic encryption algorithm prior to being stored in the storage190. The user identifier generated at act 316 may be encryptedsubsequent to generation and prior to comparison to the encrypted storeduser identifier using the same encryption algorithm used to encrypt thestored user identifier.

A comparison of the user identifier generated at act 316 with the storeduser identifier may include encrypting the user identifiers prior to thecomparison, rather than comparing the identifiers in a plaintext format.In at least one embodiment, performing the comparison in the encryptedspace may enhance security at least because no plaintext features of thestored user identifier are stored in the storage 190. Accordingly, amalicious user having access to the storage 190 may not have access toplaintext features of the stored user identifier.

As discussed above, the second user identity probability determined atact 316 may be utilized to adjust the first user identity probabilitydetermined at act 306. In some embodiments, the first user identityprobability determined at act 306 and the second user identityprobability determined at act 316 may be averaged to determine anadjusted first user identity probability. Alternatively, the first useridentity probability may be adjusted by a fixed amount in accordancewith a value of the second user identity probability.

In one embodiment, if the second user identity probability is above afirst threshold, then the first user identity probability may beadjusted by a first amount. If the second user identity probability isabove a second threshold, then the first user identity probability maybe adjusted by a second amount. For example, the first user identityprobability may be 65%, and the second user identity probability may be85%. The mobile device 101 a may determine that, if the second useridentity probability is above 80%, then the first user identityprobability may be adjusted to increase by 10%. Accordingly, theadjusted first user identity probability is 75%.

In another example, the first user identity probability may be 65%, andthe second user identity probability may be 95%. The mobile device 101 amay determine that, if the second user identity probability is above80%, then the first user identity probability may be adjusted toincrease by 10%, and if the second user identity probability is above90%, then the first user identity probability may be adjusted toincrease by 20%. Accordingly, the adjusted first user identityprobability is 85%. In other examples, an alternate number of thresholdsassociated with alternate identity probability adjustments may beimplemented.

As discussed above with respect to acts 320-324, the determination of auser identity by a user device may be further based on livenessinformation requested from a user. Liveness information may include, forexample, information indicative of whether or not authenticationinformation being provided to the user device is derived from a livehuman user. Liveness information may be implemented to mitigate“spoofing” attempts. For example, a spoofing attempt may include amalicious user using a photograph of an authorized user to attempt topass a facial biometric authentication challenge. The livenessinformation may be used to determine that the facial information isbeing provided from a picture, rather than a live human user, and maydeny access based on the determination of the spoofing attempt.

Examples of liveness information include voice information, facialinformation, video information, music information, gesture information,and user vital information. Examples of liveness information may benominally considered either biometric liveness information or randomliveness information.

Biometric liveness information may include information which iscollected from the user and which is indicative of a biometric featureof a user. For example, biometric liveness information may includepassively-collected information indicative of a user's blood pressure,heart beat, eye blinking, or other signs associated with a live humanuser. In another example, biometric liveness information may includeactively-collected information requested of a user. For example, theactively-collected information may include a fingerprint scan or afacial scan.

Random liveness information may include information which is requestedfrom a user. For example, the mobile device 101 a may generate a randomphrase and request that the user speak the phrase aloud. In anotherexample, the mobile device 101 a may select a random gesture and requestthat the user perform the specified gesture. The phrase or gesture maybe captured by a microphone or camera, respectively, and analyzed todetermine if the phrase or gesture substantially matches the phrase orgesture requested of the user.

Analysis of the captured phrase or gesture may be executed using aneural network executed by the mobile device 101 a. The neural networkmay be implemented according to at least one of several known neuralnetwork configurations. For example, the neural network may include atleast one of a CNN and any other neural network model. For example, theneural network may be configured to receive, as inputs, informationindicative of an expected phrase or gesture generated by the user device(for example, the phrase or gesture requested of the user) andinformation indicative of the received phrase or gesture provided by theuser to the user device. The neural network may be configured to outputa probability that the received phrase or gesture substantially matchesthe information indicative of the expected phrase or gesture generatedby the user device. The neural network may be a same or different neuralnetwork than the neural network executed in connection with act 306, asdiscussed above.

As discussed above, the second user identity probability determined atact 324 may be utilized to adjust the first user identity probabilitydetermined at act 316. In some embodiments, the adjusted user identityprobability may be further adjusted in accordance with the third useridentity probability. For example, the adjusted first user identityprobability determined at act 316 and the third user identityprobability determined at act 324 may be averaged to further adjust theadjusted first user identity probability.

In an alternate embodiment, if the third user identity probability isabove a first threshold, then the adjusted first user identityprobability may be further adjusted by a first amount. If the third useridentity probability is above a second threshold, then the adjustedfirst user identity probability may be further adjusted by a secondamount. For example, the adjusted first user identity probability may be85%, and the third user identity probability may be 96%. The mobiledevice 101 a may determine that, if the third user identity probabilityis above 95%, then the adjusted first user identity probability may befurther adjusted to increase by 10%. Accordingly, the adjusted firstuser identity probability may be further adjusted to 95%.

In another example, the adjusted first user identity probability may be85%, and the third user identity probability may be 99%. The mobiledevice 101 a may determine that, if the third user identity probabilityis above 95%, then the adjusted first user identity probability may befurther adjusted to increase by 10%, and if the third user identityprobability is above 98%, then the adjusted first user identityprobability may be further adjusted to increase by 13%. Accordingly, theadjusted first user identity probability is further adjusted to increaseto 98%. In other examples, an alternate number of thresholds associatedwith alternate identity probability adjustments may be implemented.

FIG. 4 illustrates a process 400 of enrolling a user with a user deviceaccording to an embodiment. For example, the process 400 may be animplementation of act 311. The process 400 may be executed by a userdevice, such as the mobile device 101 a. The process 400 includes actsof requesting inputs, receiving the inputs, generating a useridentifier, and storing the user identifier.

At act 402, the process 400 begins. At act 404, inputs are requested.For example, the mobile device 101 a may request one or more inputs froma user. The request may include a request for biometric inputs. In oneembodiment, a request for biometric inputs may include a request thatthe user allow an image of their facial features or fingerprints to becaptured. In another embodiment, the request for biometric inputs mayinclude a request that the user speak a specific or random phrase toallow audio information indicative of the user's voice to be captured.

At act 406, inputs are received. For example, the mobile device 101 amay capture one or more image of the user's facial features and/orfingerprints using the camera 145. In another example, the mobile device101 a may capture audio information of a user speaking a specific orrandom phrase using the microphone 125. In another example, the mobiledevice 101 a may receive each of the foregoing inputs, including animage of a user's fingerprint, an image of a user's facial features, andaudio information indicative of a random or specified phrase.

At act 408, a user biometric profile is generated. For example, themobile device 101 a may generate a user biometric profile based on theinputs received at act 406 by providing the inputs to a neural networkconfigured to generate and output, based on the inputs, a useridentifier. At act 410, the user biometric profile, which includes theuser identifier, is stored. For example, the mobile device 101 a maystore a user biometric profile generated at act 408 in the storage 190.In at least one embodiment, the user biometric profile is encryptedprior to storage. For example, a one-way homomorphic encryptionalgorithm may be executed on the user biometric profile prior to storagein the storage 190. Subsequent comparisons to the biometric profile maybe performed in an encrypted space. For example, the active informationreceived at act 314 may be encrypted prior to comparing the encryptedactive information to the encrypted, stored biometric profile. In otherembodiments, the mobile device 101 a may store the user biometricprofile generated at act 408 in the storage 190 without encrypting theuser biometric profile, and may perform subsequent processing of theuser biometric profile using a plaintext comparison. At act 412, theprocess 400 ends.

As discussed above, each access-controlled function accessible via themobile device 101 a may include a respective minimum user identitycertainty criterion. For example, a first function may require a useridentity probability of at least 75% in order to grant access. A secondfunction may require a user identity probability of at least 90% inorder to grant access. Other functions may require any other useridentity probability.

In at least one embodiment, the user identity probability requirementmay be specified by a creator of the access-controlled function. Forexample, a banking application may include several access-controlledfunctions, such as displaying an account balance or enabling a fundstransfer. The user identity probability requirement for each functionmay be specified by a creator of the banking application, such as thebank affiliated with the banking application.

In some embodiments, the creator of the access-controlled function mayspecify other requirements in addition to the minimum user identityprobability requirement. For example, the creator of theaccess-controlled function may require that the mobile device 101 a beat least 70% certain that the user is a user having access privileges,and may additionally require that the mobile device 101 a verify afingerprint of the user. In other embodiments, creators ofaccess-controlled functions may require any number and type ofrequirements to access access-controlled functions.

An example of one implementation of the foregoing principles will now bedescribed. A user possesses a mobile device configured to operatesimilarly to the mobile device 101 a and configured to execute theprocess 300. The user is authorized to possess the mobile device, and isauthorized to access access-controlled functions of the mobile device.The mobile device continuously collects passive information andrepeatedly calculates an identity probability indicative of a certaintythat the mobile device is currently possessed by the user having accesspermissions to the mobile device. The identity probability is calculatedpassively, without prompting the user to provide information.

At a first point in time, the mobile device has calculated an identityprobability of 75%. Stated differently, the mobile device is 75% certainthat the user of the mobile device is a user having access privileges tothe access-controlled functions of the mobile device. The user providesan input to the mobile device which the mobile device interprets as arequest to view an account balance in a mobile banking application. Themobile device determines that the bank affiliated with the mobilebanking application has specified that the mobile device must be atleast 70% certain of the user's identity before allowing the user toview the account balance. The mobile device determines that, because themobile device is more than 70% certain of the user's identity, access isgranted. Accordingly, the user is allowed to view the account balance.

At a second point in time, the mobile device has calculated an identityprobability of 77%. The user provides an input to the mobile devicewhich the mobile device interprets as a request to withdraw $60 from abank account via the mobile banking application. The mobile devicedetermines that the bank affiliated with the mobile banking applicationhas specified that the mobile device must be at least 80% certain of theuser's identity before allowing the user to withdraw less than $100. Themobile device determines that, because the mobile device is less than80% certain of the user's identity, additional authentication must beperformed. Accordingly, the mobile device requests that the user allowthe mobile device to capture an image of the user's fingerprint.

The user has previously enrolled with the mobile device, and the mobiledevice has a stored biometric profile for the user which includes atleast one image of the user's fingerprint. The user allows the mobiledevice to capture the image of the user's fingerprint, and the mobiledevice verifies that the captured image of the user's fingerprint issufficiently similar to the fingerprint in the stored biometric profile.The mobile device determines that providing a matching fingerprintincreases an identity probability by 15%. Accordingly, the identityprobability increases from 77% to 92%. The mobile device determines thatthe identity probability is now greater than 80%, and allows the user towithdraw $60.

In at least one embodiment, the identity probability decays over time.For example, the 92% identity probability provided by the successfulfingerprint match may decay at a rate of 1% per ten minutes. At a thirdpoint in time, the user provides an input to the mobile device which themobile device interprets as a request to withdraw $80 from a bankaccount via the mobile banking application. The mobile device determinesthat the identity probability has decayed to 79%, which is less than therequired 80% certainty.

Accordingly, the mobile device may request that the user allow themobile device to acquire another image of the user's fingerprint. Theuser allows the mobile device to capture the image of the user'sfingerprint, and the mobile device verifies that the captured image ofthe user's fingerprint is sufficiently similar to the fingerprint in thestored biometric profile. The mobile device determines that providing amatching fingerprint increases an identity probability by 15%.Accordingly, the identity probability increases from 79% to 94%. Themobile device determines that the identity probability is now greaterthan 80%, and allows the user to withdraw $80.

At a fourth point in time, less than a minute after the third point intime, the mobile device has calculated an identity probability of 94%.The user provides an input to the mobile device which the mobile deviceinterprets as a request to withdraw $200 from a bank account via themobile banking application. The mobile device determines that the bankaffiliated with the mobile banking application has specified that themobile device must be at least 95% certain of the user's identity beforeallowing the user to withdraw more than $100. The mobile devicedetermines that, because the mobile device is less than 95% certain ofthe user's identity, additional authentication must be performed.Accordingly, the mobile device determines that a liveness of the usermust be verified.

Accordingly, the mobile device generates a random phrase and requeststhat the user speak the random phrase aloud. The user speaks the randomphrase aloud, and the mobile device captures the audio informationprovided by the user. The mobile device verifies that the captured audioinformation is indicative of a human speaking the random phraserequested of the user. The mobile device determines that providing theliveness indication increases the identity probability by 5%.Accordingly, the identity probability increases from 94% to 99%. Themobile device determines that the identity probability is now greaterthan 95%, and allows the user to withdraw $200.

In at least some of the foregoing examples, features have been disclosedwhich correspond to certainty requirements. In some examples, thecertainty requirements may vary depending on one or more factors, suchas location, time of day, number of recent attempts. For example, acertainty requirement for a bank withdrawal of a certain value may behigher at night, higher in countries which the user does not frequentlyvisit, or higher as a result of several recent failed attempts. In someexamples, a host of an access-controlled feature (for example, a bankaffiliated with a mobile banking application) may modify certaintyrequirements. For example, a bank affiliated with a mobile bankingapplication may raise certainty requirements in response to a recentsecurity breach.

In light of the foregoing, an authentication system has been disclosed.Embodiments disclosed herein enable authentication to be performed basedon varying types of authentication information. In at least oneembodiment, a level of inconvenience to a user of providing types ofauthentication information is proportionally related to the criticalityof an access-controlled function, such that the user is nominallyinconvenienced to access low-criticality functions, and mostinconvenienced only to access highest-criticality functions.

Having thus described several aspects of at least one embodiment, it isto be appreciated various alterations, modifications, and improvementswill readily occur to those skilled in the art. Such alterations,modifications, and improvements are intended to be part of thisdisclosure, and are intended to be within the scope of the disclosure.Accordingly, the foregoing description and drawings are by way ofexample only.

For example, although the foregoing discussion describes activeinformation as being analyzed prior to liveness information, inalternate embodiments liveness information may be analyzed prior toactive information. For example, a mobile device may determine that anidentity probability based solely on passive information may besufficiently increased to enable access to an access-controlled functionby verifying the user's heartbeat. The mobile device may verify theuser's heartbeat to verify the liveness of the user without promptingthe user to provide any information, and may allow the user to accessthe access-controlled function.

What is claimed is:
 1. A method of authorizing access toaccess-controlled environments, the method comprising: receiving,passively by a computing device, user behavior authenticationinformation indicative of a behavior of a user of the computing device;comparing, by the computing device, the user behavior authenticationinformation to a stored user identifier associated with the user;calculating, by the computing device, a user identity probability basedon the comparison of the user behavior authentication information to thestored user identifier; receiving, by the computing device, a requestfrom the user to execute an access-controlled function; and granting, bythe computing device, the request from the user responsive todetermining that the user identity probability satisfies a firstidentity probability threshold associated with the access-controlledfunction.
 2. The method of claim 1, wherein the user behaviorauthentication information includes information indicative of at leastone of physical behavior of a user and logical behavior.
 3. The methodof claim 2, wherein the physical behavior of the user includes an angleat which the user holds the computing device.
 4. The method of claim 1,wherein passively receiving the user behavior authentication informationis performed without prompting the user to provide the user behaviorauthentication information.
 5. The method of claim 1, furthercomprising: receiving, by the computing device, a second request fromthe user to execute a second access-controlled function; prompting, bythe computing device, the user to provide at least one biometric inputresponsive to determining that the user identity probability does notsatisfy a second identity probability threshold associated with thesecond access-controlled function; receiving, by the computing device,the at least one biometric input from the user; comparing, by thecomputing device, the at least one biometric input to a user profile;calculating, by the computing device, a second user identity probabilitybased on the comparison of the at least one biometric input to the userprofile; adjusting, by the computing device, the user identityprobability based on the second user identity probability; and granting,by the computing device, the second request from the user responsive todetermining that the user identity probability satisfies the secondidentity probability threshold.
 6. The method of claim 5, wherein theuser profile includes an encrypted biometric value corresponding to theuser, the encrypted biometric value being encrypted by a firstencryption algorithm.
 7. The method of claim 6, wherein comparing the atleast one biometric input to the user profile includes: encrypting theat least one biometric input using the first encryption algorithm togenerate at least one encrypted biometric input; and comparing the atleast one encrypted biometric input to the encrypted biometric value. 8.The method of claim 5, further comprising: receiving, by the computingdevice, a third request from the user to execute a thirdaccess-controlled function; determining, by the computing device, thatthe user identity probability does not satisfy a third identityprobability threshold associated with the third access-controlledfunction; receiving, by the computing device, a liveness indicator fromthe user; calculating, by the computing device, a third user identityprobability based on the liveness indicator; adjusting, by the computingdevice, the user identity probability based on the third user identityprobability; and granting, by the computing device, the third requestfrom the user responsive to determining that the user identityprobability satisfies the third identity probability threshold.
 9. Themethod of claim 8, wherein the liveness indicator includes an indicatorthat the user is a live human user.
 10. The method of claim 9, whereinthe liveness indicator includes at least one of an audio recording ofthe user speaking a phrase generated by the computing device and a videoof the user performing a gesture generated by the computing device. 11.The method of claim 9, wherein receiving the liveness indicator includesreceiving, passively by the computing device, one or more signalsindicative of one or more vital signs of the user.
 12. A method ofauthorizing access to access-controlled environments, the methodcomprising: receiving, passively by a computing device, user behaviorauthentication information indicative of a behavior of a user of thecomputing device; comparing, by the computing device, the user behaviorauthentication information to a stored user identifier associated withthe user; calculating, by the computing device, a first user identityprobability based on the comparison of the user behavior authenticationinformation to the stored user identifier; receiving, by the computingdevice, a request from the user to execute an access-controlledfunction; prompting, by the computing device, the user to provide atleast one biometric input responsive to determining that the first useridentity probability does not satisfy a first identity probabilitythreshold associated with the access-controlled function; receiving, bythe computing device, the at least one biometric input from the user;comparing, by the computing device, the at least one biometric input toa user profile; calculating, by the computing device, a second useridentity probability based on the comparison of the at least onebiometric input to the user profile; adjusting, by the computing device,the first user identity probability based on the second user identityprobability; and granting, by the computing device, the request from theuser responsive to determining that the first user identity probabilitysatisfies the first identity probability threshold.
 13. The method ofclaim 12, wherein the at least one biometric input includes a pluralityof biometric inputs.
 14. The method of claim 12, wherein passivelyreceiving the user behavior authentication information is performedwithout prompting the user to provide the user behavior authenticationinformation.
 15. The method of claim 12, wherein the user profileincludes an encrypted biometric value corresponding to the user, theencrypted biometric value being encrypted by a first encryptionalgorithm.
 16. The method of claim 15, further comprising: encryptingthe biometric input using the first encryption algorithm to generate anencrypted biometric input; and comparing the encrypted biometric inputto the encrypted biometric value.
 17. The method of claim 12, furthercomprising: receiving a second request from the user to execute a secondaccess-controlled function; prompting the user to provide a livenessindicator responsive to determining that the first user identityprobability does not satisfy a second identity probability thresholdassociated with the second access-controlled function; receiving theliveness indicator from the user; calculating a third user identityprobability based on the receipt of the liveness indicator; adjustingthe first user identity probability based on the third user identityprobability; and granting the second request from the user responsive todetermining that the first user identity probability satisfies thesecond identity probability threshold.
 18. A method of authorizingaccess to access-controlled environments, the method comprising:receiving, by a computing device, authentication information includingat least one of user behavior information indicative of a behavior of auser of the computing device, and one or more biometric inputs;comparing, by the computing device, the authentication information to astored user identifier associated with the user; calculating, by thecomputing device, a first user identity probability based on thecomparison of the authentication information to the stored useridentifier; receiving, by the computing device, a request from the userto execute an access-controlled function; prompting the user to providea liveness indicator responsive to determining that the first useridentity probability does not satisfy a first identity probabilitythreshold associated with the access-controlled function; receiving theliveness indicator from the user; calculating a second user identityprobability based on the liveness indicator; adjusting the first useridentity probability based on the second user identity probability; andgranting the request from the user responsive to determining that thefirst user identity probability satisfies the first identity probabilitythreshold.
 19. The method of claim 18, wherein the one or more biometricinput includes a plurality of biometric inputs.
 20. The method of claim18, wherein the liveness indicator includes at least one of an audiorecording of the user speaking a phrase generated by the computingdevice and a video of the user performing a gesture generated by thecomputing device.